Rapid7 Vulnerability & Exploit Database

USN-989-1: PHP vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-989-1: PHP vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

06/24/2010

Created

07/25/2018

Added

05/06/2013

Modified

07/09/2020

Description

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Solution(s)

ubuntu-upgrade-libapache2-mod-php5
ubuntu-upgrade-php5-cgi
ubuntu-upgrade-php5-cli

References

https://attackerkb.com/topics/cve-2010-0397
APPLE-SA-2010-08-24-1
APPLE-SA-2010-11-10-1
APPLE-SA-2011-03-21-1
38430
38431
38708
40948
CVE - 2010-0397
CVE - 2010-1128
CVE - 2010-1129
CVE - 2010-1130
CVE - 2010-1866
CVE - 2010-1868
CVE - 2010-1917
CVE - 2010-2094
CVE - 2010-2225
CVE - 2010-2531
CVE - 2010-2950
CVE - 2010-3065
DSA-2089
DSA-2266
RHSA-2010:0919
USN-989-1
58585
59610

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

USN-989-1: PHP vulnerabilities

USN-989-1: PHP vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.